Version 1 items

version
  Description: Version of the certificate format
  Value: V3

serialNumber
  Description: Serial number of the certificate assigned by the IA
  Value: Assigned in a serial fashion

signatureAlgorithmIdentifier (algorithm, parameters)
  Description: Algorithm of the signature of the certificate and parameters thereof
  Value: Elliptic curve number / RSA; parameters when an elliptic curve is used; key length when RSA is employed

issuer
  Description: IA name (in a distinguished name form)
  Value: Name of the present IA

validity (notBefore, notAfter)
  Description: Period during which the certificate is valid
  Value: Start date; expiration date

subject
  Description: Name which identifies the user
  Value: User device ID or ID of the service subject

subjectPublicKeyInfo (algorithm, subjectPublicKey)
  Description: Information of the public key of the user; algorithm of the key; key
  Value: Elliptic curve / RSA; public key of the user

Version 3 items

authorityKeyIdentifier (keyIdentifier, authorityCertIssuer, authorityCertSerialNumber)
  Description: Key identifier used in verification of the IA
  Value: Key identification number (octal number); name of the IA (in a general name form); identification number

subjectKeyIdentifier
  Description: Used when a plurality of keys are certified
  Value: Not used

keyUsage
  (0) digitalSignature
  (1) nonRepudiation
  (2) keyEncipherment
  (3) dataEncipherment
  (4) keyAgreement
  (5) keyCertSign
  (6) cRLSign
  Description: Specifies the purpose of the key
  (0) for digital signature
  (1) to prevent repudiation
  (2) for encryption of the key
  (3) for encryption of a message
  (4) for use in transmission of a symmetric key
  (5) used to verify the certificate
  (6) used to verify the signature of the certificate revocation list
  Value: 0, 1, 4, or 6 is used

privateKeyUsagePeriod (notBefore, notAfter)
  Description: Period during which the private key stored in the user is valid
  Value: Usage period is the same for the certificate, the public key, and the private key (default)

certificatePolicies (policyIdentifier, policyQualifiers)
  Description: Certificate policy of the certificate authority; policy ID (according to ISO/IEC 9834-1); certification criteria

policyMappings (issuerDomainPolicy, subjectDomainPolicy)
  Description: Required only when the CA is certificated. Mappings of the issuer domain policy and the subject domain policy are defined
  Value: default = none

supportedAlgorithms (algorithmIdentifier, intendedUsage, intendedCertificatePolicies)
  Description: Attributes of the directory (X.500) are defined. Used to inform a receiving party of communication of the attributes of the directory so that the receiving party can use the directory information
  Value: default = none

subjectAltName
  Description: Alternative name of the user (in the form of GN)
  Value: Not used

issuerAltName
  Description: Not used although this item is included in the certificate format (default = none)
  Value: default = none

subjectDirectoryAttributes
  Description: Arbitrary attributes of the user
  Value: Not used

basicConstraints (cA, pathLenConstraint)
  Description: Specifies the public key to be certified. Indicates whether the public key is used by a user or by a certificate authority to write a signature
  Value: default = used by a user

nameConstraints (permittedSubtrees: base, minimum, maximum; excludedSubtrees)
  Description: Used only when the certification is to certify a certification authority (CA)
  Value: default = none

policyConstraints (requireExplicitPolicy, inhibitPolicyMapping)
  Description: Constraints are described in terms of requirements of an explicit policy ID or of inhibiting policy mapping for the remaining certification path

cRLDistributionPoints
  Description: Indicates a reference point in the revocation list at which data is present which indicates whether the certificate of a user is revoked
  Value: Pointer which points to a location where the certificate is registered. The revocation list is managed by an issuer

Signature
  Description: Signature of the issuer




FIG. 5 (sheet 5/89)

Indispensable items

Version
  Description: Version

Serial Number
  Description: Identification number

signatureAlgorithmIdentifier (algorithm, parameters)
  Description: Signature algorithm; algorithm; parameters

Issuer
  Description: Name of the identification authority (in the form of a distinguished name)

Validity (notBefore, notAfter)
  Description: Period during which the certificate is valid; start date; expiration date

Subject
  Description: Name of the subject to be certificated (in a DN form)

Extended items

subjectTemplateInfo (encryptType, encryptUniqueID, encryptionAlgorithm, parameter, validity, subjectTemplateSource, subjectTemplate)
  Description: Template information
  - encrypt type
  - the unique ID or the certificate number of a public key certificate used for encryption
  - algorithm
  - parameter
  - validity period (start date, expiration date)
  - type of the template
  - template

subjectPKCInfo (subjectPKCSerialNumber, subjectPKCUniqueID)
  Description: Information about the public key certificate of the subject
  - certificate number of the subject public key certificate
  - unique ID of the subject of the subject public key certificate

Issuer Unique ID
  Description: Unique ID of the issuer

Subject Unique ID
  Description: Unique ID of the subject

Public Key Certificate
  Description: Public key certificate

Issuer Alt Name
  Description: Alternative name of the issuer

subjectDirectoryAttributes
  Description: Personal information (encrypted as required); information used to authenticate the subject; age, sex, etc.

Valid Count
  Description: Number of times the certificate is allowed to be used

Control Table Link Info (ctlTblLocation, ctlTblUniqueID)
  Description: Link information describing group information
  - location of a link information control table (URL, IP address, etc.)
  - identification number of the link information

Indispensable

IDA Signature
  Description: Signature of the IDA
Template registration process

START a template registration process
S11: The user creates a template using a template detector of the IDA.
The user submits his/her identification data to the IDA.
The user submits additional information (such as a PIN) to the IDA as required.
The IDA checks the validity of the received data.
  NG: error handling.
  OK: continue.
The IDA assigns an identification number to the received data and stores it in a database.
The IDA encrypts the template using a public key of the IDA and generates an IDC on the basis thereof.
END
Accompanying figure (template registration, user and IDA sides)

User side:
  (1) create template data
  (2) submit identification data
  (3) submit additional data

IDA side (template reception; identification data reception):
  (1) check the received data
  (2) assign an ID to the received data and store it in the database
  (3) generate an IDC
Template deletion process

The user submits a template deletion request to the IDA.
The user submits identification data identifying the user to the IDA.
S23: The user submits additional information (such as a PIN) to the IDA as required.
The IDA checks the validity of the received data.
  NG: error handling.
  OK: continue.
S25: The IDA deletes the registered template, identification data and additional data.
S26: The IDA deletes the IDC of the user and describes, in an invalidated IDC list, that the IDC has been invalidated.

Accompanying figure (template deletion): user submits a deletion request, identification data and additional data; IDA side: reception of the received data, identification data reception, invalidation in the invalidated IDC list.
Template change process (fragments recovered from the figure)

A user submits a template change request to the IDA.
The user creates a template using a template detector of the IDA.
The user submits identification data identifying the user to the IDA.
  NG: error handling.
... a public key of the IDA and generates an IDC on the basis thereof.
Template addition process

START a template addition process
A user submits a template addition request to the IDA.
The user creates a template using a template detector of the IDA.
The user submits identification data identifying the user to the IDA.
The user submits additional information (such as a PIN) to the IDA as required.
The IDA checks the validity of the received data.
  NG: error handling.
  OK: continue.
The IDA assigns an identification number to the received new data and stores it in the database.
The IDA encrypts the new template using a public key of the IDA and generates ...
END

Fragments of a further figure:
... request to the IDA
... an IDA in advance and determine the ...
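The registration and deletion flowcharts above, together with the validCount and IDA signature items of FIG. 5, describe a lifecycle a verifier has to honour: an IDC is issued only after the received data passes the IDA's validity check, it may be used at most validCount times, and once the template is deleted the IDC's serial is recorded in an invalidated IDC list. The following is an added example, not the patent's code: an in-memory IDA class that walks these steps. It assumes that the IDA signature over the IDC can be represented by an HMAC tag under a key only the IDA holds, and that the step of encrypting the template under the IDA's public key is supplied by the caller as an `encrypt` callable (the constructed stand-in below only tags the bytes); `IdaError` models the NG / error-handling branch.

```python
"""IDC lifecycle from the flowcharts above (added example, not the patent's code).

Assumptions: the IDA signature is represented by an HMAC tag under a key only
the IDA holds; encryption of the template under the IDA public key is done by
an injected `encrypt` callable; the sample data below is constructed.
"""
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone


class IdaError(Exception):
    """Raised on the NG branch of the flowcharts (error handling)."""


class IDA:
    def __init__(self, signing_key, encrypt):
        self._key = signing_key
        self._encrypt = encrypt          # stand-in for public-key encryption
        self._db = {}                    # identification number -> stored record
        self._idcs = {}                  # IDC serial number -> live IDC (holds validCount)
        self.invalidated = set()         # the invalidated IDC list
        self._next_id = 1

    def _check_received(self, template, ident, pin):
        """'THE IDA CHECKS THE VALIDITY OF THE RECEIVED DATA' (constructed rules)."""
        if not template or not ident:
            raise IdaError("missing template or identification data")
        if pin is not None and (len(pin) < 4 or not pin.isdigit()):
            raise IdaError("additional data (PIN) does not have the required form")

    def _sign(self, unsigned_idc):
        body = json.dumps(unsigned_idc, sort_keys=True).encode()
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def register_template(self, template, ident, pin=None, valid_days=365, valid_count=100):
        """Template registration: check, assign an ID, store, encrypt, issue the IDC."""
        self._check_received(template, ident, pin)
        if any(r["ident"] == ident for r in self._db.values()):
            raise IdaError("identification data already registered")
        ident_no = self._next_id
        self._next_id += 1
        self._db[ident_no] = {"ident": ident, "pin": pin,
                              "template": self._encrypt(template)}
        now = datetime.now(timezone.utc)
        idc = {"version": 3, "serialNumber": ident_no, "issuer": "CN=IDA",
               "subject": ident,
               "validity": [now.isoformat(), (now + timedelta(days=valid_days)).isoformat()],
               "validCount": valid_count}
        idc["idaSignature"] = self._sign(idc)
        self._idcs[ident_no] = idc
        return dict(idc)

    def verify_idc(self, idc, now=None):
        """Check a presented IDC: IDA signature, invalidated list, validity period,
        and the remaining validCount, which is kept on the IDA's own copy and
        decremented on each accepted use. Returns (ok, reason)."""
        now = now or datetime.now(timezone.utc)
        unsigned = {k: v for k, v in idc.items() if k != "idaSignature"}
        if not hmac.compare_digest(self._sign(unsigned), idc.get("idaSignature", "")):
            return False, "bad IDA signature"
        if idc["serialNumber"] in self.invalidated:
            return False, "IDC invalidated"
        not_before, not_after = (datetime.fromisoformat(t) for t in idc["validity"])
        if not (not_before <= now <= not_after):
            return False, "outside validity period"
        live = self._idcs.get(idc["serialNumber"])
        if live is None or live["validCount"] <= 0:
            return False, "validCount exhausted"
        live["validCount"] -= 1
        return True, "ok"

    def delete_template(self, ident, pin=None):
        """Template deletion: check, delete template/identification/additional
        data, then record the IDC in the invalidated IDC list."""
        matches = [(n, r) for n, r in self._db.items() if r["ident"] == ident]
        if not matches:
            raise IdaError("no registered template for this identification data")
        ident_no, rec = matches[0]
        if rec["pin"] is not None and not hmac.compare_digest(rec["pin"], pin or ""):
            raise IdaError("additional data (PIN) does not match")
        del self._db[ident_no]              # template, identification data, additional data
        self._idcs.pop(ident_no, None)      # the IDC itself
        self.invalidated.add(ident_no)      # invalidation in the invalidated IDC list
        return ident_no


if __name__ == "__main__":
    # Constructed sample: the lambda stands in for encryption under the IDA public key
    ida = IDA(b"constructed-ida-key", encrypt=lambda t: b"ENC:" + t)
    idc = ida.register_template(b"template-bytes", "user-001", "1234", valid_count=2)
    print(ida.verify_idc(idc))
    ida.delete_template("user-001", "1234")
    print(ida.verify_idc(idc))
```

The use counter lives on the IDA's stored copy rather than in the presented IDC, since the holder could otherwise present an old copy with the original count; a tampered validCount in the presented IDC is caught earlier by the signature check.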